php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #5877 single quote non-compliance
Submitted: 2000-07-31 19:09 UTC Modified: 2000-08-01 09:30 UTC
From: dietricha at subpop dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.1 OS: Debian Linux (slink), Apache 1.3
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: dietricha at subpop dot com
New email:
PHP Version: OS:

 

 [2000-07-31 19:09 UTC] dietricha at subpop dot com
when using php 4.0.1 compiled with --enable-trans-sid:

this script:
<?
print "<a href='test.php'>";
?>

prints this:
<a href='test.php'&PHPSESSID=23hj2hj3j3jhhk2k>
and session id is not propagated.

php4 isn't acknowledging single quotes to be valid delimiters of href attribute values.

Note from W3C HTML 4.01 specification:
"By default, SGML requires that all attribute values be delimited using either double quotation marks (ASCII decimal 34) or single quotation marks (ASCII decimal 39). Single quote marks can be included within the attribute value when the value is delimited by double quote marks, and vice versa."


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-07-31 19:21 UTC] hholzgra@php.net
hold on for another day, help is on the way :)


 [2000-07-31 20:38 UTC] dietricha at subpop dot com
sorry that's apache 1.3.12, not apache 1.3
 [2000-07-31 22:08 UTC] dietricha at subpop dot com
sorry that's apache 1.3.12, not apache 1.3
 [2000-08-01 09:28 UTC] hholzgra@php.net
fixed in latest CVS
 [2000-08-01 09:30 UTC] hholzgra@php.net
closed
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Tue Aug 16 11:05:45 2022 UTC